what is POODLE Vulnerability

POODLE Vulnerability
=============================================

– SSL 3.0 [RFC6101] is an obsolete and insecure protocol
– Current TLS (TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246]) implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience
– Many clients implement a protocol downgrade dance to work around server-side interoperability bugs
– Attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0
– The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) allows them, for example, to steal “secure” HTTP cookies (or other bearer tokens such as HTTP Authorization header contents) and recover the plain text of secure connections

Workaround

For all versions and releases of the Apache-based IBM HTTP Server, enable strict CBC padding enforcement by adding the following directive to the httpd.conf file in each context that contains “SSLEnable”:

# Enable strict CBC padding
SSLAttributeSet 471 1

Restart the IHS instance for the changes to take effect.

NOTE: Enabling strict CBC padding enforcement has the following prerequisites:

* Maintenance levels: 7.0.0.33, 8.0.0.9, 8.5.5.2 or later
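The following Python model, added here and not taken from the article or from IBM HTTP Server, shows what “strict CBC padding enforcement” changes. SSL 3.0 validates only the final padding-length byte of a decrypted record, so the padding bytes in front of it can hold anything; the strict rule (the TLS 1.0 convention) requires every padding byte to equal the padding length, so a record whose padding has been tampered with is rejected instead of accepted. The record layout is simplified to content followed by padding and a length byte (the MAC is omitted), the block size is an assumed 16 bytes, and all sample records are constructed for the demo.

```python
"""Model of SSL 3.0 versus strict (TLS-style) CBC padding checks.

Added example, not the article's or IBM's code. Inputs are already-decrypted
record bodies; no cipher is involved. Simplified layout (assumption):
    content || padding bytes || padding_length byte
"""

BLOCK_SIZE = 16  # assumed AES-style block size; 3DES would use 8


def _basic_shape_ok(plaintext: bytes, block_size: int) -> bool:
    """Shared precondition: non-empty and a whole number of cipher blocks."""
    return len(plaintext) > 0 and len(plaintext) % block_size == 0


def ssl3_padding_ok(plaintext: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """SSL 3.0 rule (RFC 6101, 5.2.3.2): only the final padding_length byte is
    validated; it must be smaller than the block size. The padding bytes in
    front of it are never inspected, so any byte values pass."""
    if not _basic_shape_ok(plaintext, block_size):
        return False
    pad_len = plaintext[-1]
    return pad_len < block_size and pad_len + 1 <= len(plaintext)


def strict_padding_ok(plaintext: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """Strict rule: every padding byte must equal the padding length. All pad
    bytes are examined without short-circuiting so the accept/reject decision
    does not depend on which byte was wrong."""
    if not _basic_shape_ok(plaintext, block_size):
        return False
    pad_len = plaintext[-1]
    if pad_len >= block_size or pad_len + 1 > len(plaintext):
        return False
    mismatch = 0
    for b in plaintext[-(pad_len + 1):-1]:
        mismatch |= b ^ pad_len
    return mismatch == 0


def strip_padding(plaintext: bytes, strict: bool,
                  block_size: int = BLOCK_SIZE) -> bytes:
    """Return the record content with padding removed, or raise ValueError
    when the selected padding check rejects the record."""
    check = strict_padding_ok if strict else ssl3_padding_ok
    if not check(plaintext, block_size):
        raise ValueError("bad padding")
    pad_len = plaintext[-1]
    return plaintext[: len(plaintext) - pad_len - 1]


def compare_checks(plaintext: bytes) -> tuple:
    """(ssl3_result, strict_result) for one record."""
    return ssl3_padding_ok(plaintext), strict_padding_ok(plaintext)


# Constructed sample records (16 bytes each).
CONTENT = b"cookie=abc"                                  # 10 bytes of content
WELL_FORMED = CONTENT + b"\x05" * 5 + b"\x05"            # pad bytes all 0x05, length 5
GARBAGE_PADDING = CONTENT + b"\x00\xff\x13\x42\x07" + b"\x05"  # same length byte, junk pad
OVERSIZED = b"\x00" * 15 + b"\x10"                       # length byte 16 is not < block size

if __name__ == "__main__":
    samples = [("well-formed", WELL_FORMED),
               ("garbage padding", GARBAGE_PADDING),
               ("oversized", OVERSIZED)]
    for name, rec in samples:
        ssl3_ok, strict_ok = compare_checks(rec)
        print(f"{name:16s} ssl3={ssl3_ok!s:5s} strict={strict_ok}")
```

The “garbage padding” record is the case that matters: the SSL 3.0 check accepts it because the length byte is in range, while the strict check rejects it because the padding bytes do not match. Turning on the strict rule is what the SSLAttributeSet 471 1 directive above does for IHS.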

Hope you enjoyed reading this article. Thank you.